Paper Number
ICIS2025-2343
Paper Type
Complete
Abstract
This study investigates how IT heterogeneity, IT centrality, and IT complexity influence data breach risk in multi-branch corporations. Drawing on complexity theory and IT governance literature, we conceptualize IT heterogeneity as IT application diversity, IT centrality as the strategic concentration of IT professionals, and IT complexity as the total number of physical IT assets. Using a matched sample of 456 U.S. corporations and a logistic regression model, we find that IT heterogeneity significantly increases breach likelihood, and its detrimental effect is amplified under high IT complexity. Conversely, IT centrality is negatively associated with breach risk, and this mitigating effect strengthens as complexity rises. These findings challenge prevailing assumptions that heterogeneity inherently enhances security. Theoretically, this study articulates how structural IT attributes interact and influence cybersecurity risk by theorizing and operationalizing IT structural complexity. Practically, it offers actionable guidance for IT governance in complex organizational environments.
Recommended Citation
Mohsin, Mohammad; Farokhnia Hamedani, Moez; and Iyer, Lakshmi, "Data Breach Risk of IT Heterogeneity and IT Centrality in Multi-Branch Corporations: The Moderating Role of IT Complexity" (2025). ICIS 2025 Proceedings. 16.
https://aisel.aisnet.org/icis2025/cyb_security/cyb_security/16
Data Breach Risk of IT Heterogeneity and IT Centrality in Multi-Branch Corporations: The Moderating Role of IT Complexity
This study investigates how IT heterogeneity, IT centrality, and IT complexity influence data breach risk in multi-branch corporations. Drawing on complexity theory and IT governance literature, we conceptualize IT heterogeneity as IT application diversity, IT centrality as the strategic concentration of IT professionals, and IT complexity as the total number of physical IT assets. Using a matched sample of 456 U.S. corporations and a logistic regression model, we find that IT heterogeneity significantly increases breach likelihood, and its detrimental effect is amplified under high IT complexity. Conversely, IT centrality is negatively associated with breach risk, and this mitigating effect strengthens as complexity rises. These findings challenge prevailing assumptions that heterogeneity inherently enhances security. Theoretically, this study articulates how structural IT attributes interact and influence cybersecurity risk by theorizing and operationalizing IT structural complexity. Practically, it offers actionable guidance for IT governance in complex organizational environments.
When commenting on articles, please be friendly, welcoming, respectful and abide by the AIS eLibrary Discussion Thread Code of Conduct posted here.
Comments
09-Cybersecurity